System and method for assessing risk

ABSTRACT

An improved data handling system is disclosed that facilitates the collection, storage and distribution of information for use by one or more recipient performing a process such as assessing the risk associated with a transaction. A system for handling information includes an administrator for facilitating communication with a subscriber and an information acquisition engine that is for facilitating communication with one or more provider of information and an information assimilator that is for facilitating communication with a database. The system is configured to facilitate receiving a request from the subscriber defining one or more set of information and one or more provider of information to be received by the information acquisition engine and combined by the information assimilator into an information suite to be stored in a database.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of and claims priority to U.S. Ser.No. 11/932,348 filed on Oct. 31, 2007 entitled “SYSTEM AND METHOD FORACQUISITION, ASSIMILATION AND STORAGE OF INFORMATION.” The '348application is a continuation of and claims priority to U.S. Pat. No.7,386,528 issued on Jun. 10, 2008 entitled “SYSTEM AND METHOD FORACQUISITION, ASSIMILATION AND STORAGE OF INFORMATION” (aka U.S. Ser. No.10/160,583 filed on May 31, 2002). The entire disclosures of the priorapplications are considered as being part of the disclosure of thisapplication and are hereby incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates generally to facilitating the collection,storage and distribution of information, and more specifically, tosystems and methods for defining the source of the information,collecting information from external and internal sources anddistributing the information to a recipient for assessing the riskassociated with a transaction.

BACKGROUND OF THE INVENTION

In the field of automated information processing, many applications havebeen developed to process information for useful purposes such as makinga decision or evaluating a set of information based on one or morecriteria. In many cases, the speed, accuracy, and reliability of theseapplications are often limited only by their abilities to reliablyacquire information. As these applications are developed, they aretypically designed to utilize, and/or rely upon, a specific set ofinformation, and that information set is usually defined in accordancewith the information that is reasonably accessible, or envisioned soonto be reasonably accessible, at the time when the application is devisedand/or expected to be implemented. As the set of reasonably accessibleinformation subsequently changes (e.g., new information becomesavailable or other information becomes unavailable), applications areoften re-configured to function without the once-available information,or alternatively, to take advantage of the newly available information.In this way, applications that are not updated often become obsolete.

One example of an application that has been designed to processinformation is an application for determining the risk associated with atransaction. Many lenders have devised customized methods fordetermining risk associated with a transaction, and have developedapplications to perform a transaction risk and/or creditworthinessassessment, i.e., to determine an applicant's credit score. As apractical matter, however, these applications are often limited toinformation that can be acquired reasonably quickly through reliablesources such as credit bureaus or the credit issuer's internal database.Although a lender may attempt to increase the accuracy and/orreliability of their credit-scoring model by accommodating additionalinformation, such as recent transaction history, such attempts typicallyincrease the time and cost required to complete a transaction riskand/or creditworthiness assessment. This is due to the increased timeand effort required to acquire the additional information. Moreover,where additional information becomes available through a standarddatabase provider, a lender must modify existing models to accommodatethe additional information, resulting in increased cost.

Accordingly, a need exists for a system and method for facilitating thecollection, storage and distribution of information, where a subscribermay easily configure the source of the information. Moreover, a needexists for a system and method for facilitating the collection, storageand distribution of information, where a subscriber may easily configurethe definition of the information set.

SUMMARY OF THE INVENTION

The methods and systems of the present invention address many of theshortcomings of the prior art. In accordance with various aspects of thepresent invention, improved systems and methods are provided tofacilitate the collection, storage and distribution of information foruse by one or more application, such as a model for assessing the riskassociated with a transaction.

In accordance with one aspect of the present invention, a system forhandling information 100 includes an administrator 130 for facilitatingcommunication with both a subscriber 110 and an information acquisitionengine 140. The administrator 130 is configured to facilitate receivinga request from the subscriber 110 to acquire one or more prescribed setsof information 160 from one or more selected providers 150, i.e.,internal 155 and/or external 152 sources, of information. In addition,the administrator 130 is configured to facilitate instructing theinformation acquisition engine 140 to retrieve the information 160 fromthe selected providers 150 and to facilitate communication of theinformation 160 to an information assimilator 170. The informationassimilator 170 is configured to facilitate receiving the information160 from the information acquisition engine 140, to facilitate combiningthe information 160 into an information suite 176, and to facilitatestoring the information suite 176 in a database 178. Finally, theadministrator 130 may be configured to facilitate informing thesubscriber 110 whether and when the requested information 160 has beencollected and where and/or how it may be accessed. Optionally, theadministrator 130 may be configured to facilitate communicating arequest to the information assimilator 170 to transmit the informationsuite 176 to a designated information recipient 180. In suchembodiments, the information assimilator 170 is configured to facilitatecommunication with the information recipient 180 so that the informationsuite 176 may be transmitted.

The request 120 from the subscriber 110 is configured to facilitateflexibly modifying the definition of the information to be collected 122and/or the identity of the information provider 124. In accordance withanother exemplary embodiment of the present invention, the informationacquisition engine 140 may additionally be configured to facilitateacquiring information 165 from an internal database 155 to be combinedwith whatever external information 162, if any, was received by, orwhose receipt was facilitated by, the information acquisition engine140. In accordance with yet another exemplary embodiment of the presentinvention, the information suite 176 may be configured to facilitateprocessing by the recipient 180 or its delegate in order to determinethe risk associated with a transaction.

In accordance with another aspect of the invention, a method of handlinginformation 200 is initiated when an administrator 130 receives arequest 122 from a subscriber 110 to acquire one or more prescribed setsof information 160 from one or more selected providers 150, i.e.,internal 155 and/or external 152 sources, of information (step 210). Inresponse to the request 120, the administrator 130 facilitates therequest by implementing the identity 124 of the information provider 150and the definition 122 of the requested information 160 (step 220) andcommunicates conforming instructions to an information acquisitionengine 140 (step 230). In accordance with those instructions 120, theinformation acquisition engine 140 facilitates receipt of the requestedinformation 160 from the selected provider 150 (step 240) andfacilitates communicating the information 160 to an informationassimilator 170 (step 250). The information assimilator 170 facilitatesreceiving the information from the information acquisition engine 140(step 260), facilitates combining the information into an informationsuite 176 (step 270), and facilitates storing the information suite 176in a database 178 (step 280). Finally, the administrator 130 facilitatesinforming the subscriber 110 whether and when the requested information160 has been collected and where and how it may be accessed (step 290).Optionally, the system facilitates transmitting the information suite176 to a designated information recipient or its delegate 180 (step291).

In accordance with an exemplary embodiment of the present invention, thedefinition 122 of the information to be collected 160 and/or theidentity 124 of the information provider 150 are stored in a standardrequest module 120 configured to be accessed for repetitive use. Thestandard request module 120 may be configured to facilitate modificationin accordance with the desires of a subscriber 110, which may bedesirable as information requirements or providers change. In accordancewith another exemplary embodiment of the present invention, theinformation acquisition engine 140 may additionally facilitate acquiringinformation 165 from an internal database 155 to be combined with theexternal information 162, as facilitated by the information assimilator170. In accordance with yet another exemplary embodiment of the presentinvention, the information suite 176 may be processed by the recipient180 or its delegate in order to determine the risk associated with atransaction, which in turn may depend upon several factors such as fraudrisk, economic risk, or the risk associated with a transaction.

BRIEF DESCRIPTION OF THE DRAWINGS

The above-mentioned objects and features of the present invention can bemore clearly understood from the following detailed descriptionconsidered in conjunction with the following drawings, in which likenumerals represent like elements and in which:

FIG. 1 illustrates the components of an exemplary information handlingsystem; and,

FIG. 2 illustrates an exemplary process for facilitating an informationhandling process.

DETAILED DESCRIPTION

The present invention is an improved system and method for facilitatingthe collection, storage and distribution of information for use by oneor more application. In accordance with one aspect of the presentinvention, a system for handling information 100 includes anadministrator 130 for facilitating communication with both a subscriber110 and an information acquisition engine 140. The administrator 130 isconfigured to facilitate receiving a request 120 from the subscriber 110to facilitate acquiring one or more prescribed sets of information 160from one or more selected providers 150, i.e., internal 155 and/orexternal 155 sources, of information 150. In addition, the administrator130 is configured to facilitate instructing the information acquisitionengine 140 to facilitate receiving the information 160 from the selectedproviders 150 and to facilitate communicating the information 160 to aninformation assimilator 170. The information assimilator 170 isconfigured to facilitate receiving the information 160 from theinformation acquisition engine 140, to facilitate combining theinformation 160 into an information suite 176, and to facilitate storingthe information suite 176 in a database 178.

Finally, the administrator 130 may be configured to facilitate informingthe subscriber 110 whether and when the requested information 160 hasbeen collected and where and/or how it may be accessed. Optionally, theadministrator 130 may be configured to facilitate communicating arequest to the information assimilator 170 to facilitate transmittingthe information suite 176 to a designated information recipient 180. Insuch embodiments, the information assimilator 170 is configured tofacilitate communicating with the information recipient 180 so that theinformation suite 176 may be transmitted.

In accordance with an exemplary embodiment of the present invention, therequest 120 from the subscriber 110 is configured to facilitate flexiblymodifying the definition of the information 160 to be collected and/orthe identity of the information provider. In accordance with anotherexemplary embodiment of the present invention, the informationacquisition engine 140 may additionally be configured to facilitateacquiring information 160 from an internal database 178 to be combinedwith the external information 160 acquired by, or whose acquisition wasfacilitated by, the information assimilator 170. In accordance with yetanother exemplary embodiment of the present invention, the informationsuite 176 may be configured to facilitate processing by the recipient180 in order to determine the risk associated with a transaction.

In accordance with another aspect of the present invention, a method ofhandling information 160 is initiated when an administrator 130facilitates receiving a request 120 from a subscriber 110 to acquire oneor more prescribed sets of information 160 from one or more selectedproviders, i.e., internal and/or external sources, of information 160.In response to the request 120, the administrator 130 facilitatesimplementation of the identity of the information provider and therequested information 160 and facilitates communication of conforminginstructions to an information acquisition engine 140. In accordancewith those instructions, the information acquisition engine 140facilitates receiving the requested information 160 from the selectedprovider and facilitates communicating the information 160 to aninformation assimilator 170. The information assimilator 170 facilitatesreceiving the information 160 from the information acquisition engine140, facilitates combining the information 160 into an information suite176, and facilitates storing the information suite 176 in a database178. Finally, the administrator 130 facilitates informing the subscriber110 whether and when the requested information 160 has been collectedand where and how it may be accessed.

Optionally, the system 100 facilitates transmission of the informationsuite 176 to a designated information recipient 180.

In accordance with an exemplary embodiment of the present invention, thedefinition of the information to be collected and/or the identity of theinformation provider are stored in a standard request module 120 forrepetitive use. A standard request module 120 may facilitatemodification by a subscriber 110 as information availabilities,requirements, and/or providers change. In accordance with anotherexemplary embodiment of the present invention, the informationacquisition engine 140 may additionally facilitate acquiring information165 from an internal database 178 to be combined with the externalinformation 162 received by the information acquisition engine 140. Inaccordance with yet another exemplary embodiment of the presentinvention, the information suite 176 may facilitate processing by therecipient 180 or its delegate in order to determine the risk associatedwith a transaction.

In accordance with the present invention, a subscriber 110 may be aperson, an entity, an organization, a company, a machine, a computer,software and/or hardware, and may communicate a request 120 forinformation through a telephone conversation, facsimile, scanner,character recognition software, Internet, a network, a computer, anelectronic database 178, or forms submitted to the administrator 130. Inaccordance with the present invention, a recipient 180 may also be aperson, an entity, an organization, a company, a machine, a computer,software and/or hardware, and may receive information 160 through atelephone conversation, facsimile, scanner, character recognitionsoftware, Internet, a network, a computer, an electronic database 178,or forms provided by the administrator 130. In an exemplary embodiment,the administrator 130 may collect information 165 from an internaldatabase 178 such as a record database 178 for comparison to, andverification of, information 162 collected from external sources. Inthese situations, the record information source may be maintained forsuch comparison and verification purposes, and the information 162 fromthe external sources may be compared to the information of record fromthe record information source. In the event that the informationsupplied by the subscriber 10 in its request 120 is incomplete, theadministrator 130 may collect the missing information from a database178 of default requests 120.

The external data to be acquired from external providers may include,for example, credit information, address cleansing information,information indicators, credit information (e.g., data from creditbureaus, risk scores, trade line information, credit applicationinformation, open-to-buy and the like), data from merchant partners(e.g., frequent flier club data or other loyalty data or reward programdata), data pertaining to credit risk, data for identifying potentialfraud (e.g., death records, governmental records or other publicrecords) and/or other information. Address cleansing refers to a processof conforming an address to a standard format, verifying that anyabbreviations contained in the address comply with the standardizedformat, such as the United States Postal Service standards, andperforming an address matching operation. In an exemplary embodiment, anaddress acquired from an external database is compared to acorresponding address acquired from the internal record database, whichprovides a corresponding identity. The internally acquired identity maythen be compared to the externally acquired identity to determine if amatch exists.

With reference to FIG. 1, an exemplary information handling system 100includes an administrator 130, a subscriber 110 and an informationacquisition engine 140. An administrator may be an employee or othermechanism for defining data sources and configuring the manner in whichdata will be retrieved by the system and configured for use by asubscriber. The administrator 130 is any person, entity, hardware and/orsoftware which is configured to facilitate receiving an informationacquisition request 120 from the subscriber 110 to acquire one or moreprescribed sets of information 160 from one or more selected externalprovider 152 of external information 162 and/or one or more selectedinternal provider 155 of internal information 165. An informationacquisition engine 140 is any mechanism through which acquisition of aspecified set of data 160 may be facilitated based on a definition ofone or more data providers 150 and one or more requested pieces ofinformation 160. The information acquisition request 120 accordinglyincludes a set definition 122 identifying the subscriber's selection ofthe information to be acquired and a provider definition 124 identifyingthe subscriber's selection of the information providers 150, which maybe external information providers 152 or internal information providers155. In addition, the administrator 130 is configured to instruct theinformation acquisition engine 140 to retrieve the information 160 fromthe selected providers 150 and to communicate the information 160 to aninformation assimilator 170. The information assimilator 170 isconfigured to facilitate receiving the information 160 from theinformation acquisition engine 140, to combine the information 160 intoan assimilated information suite 176, and to store the assimilatedinformation suite 176 in a database 178. Finally, the administrator 130may be configured to send a message 131 informing the subscriber 110whether and when the requested information 160 has been collected andwhere and/or how it may be accessed. Optionally, the administrator 130may be configured to communicate an information transmission request 182to the information assimilator 170 to transmit the information suite 176to a designated information recipient 180. In such embodiments, theinformation assimilator 170 is configured to communicate with theinformation recipient 180 to facilitate transmission of the informationsuite 176.

In accordance with an exemplary embodiment of the present invention, theinformation acquisition request 120 from the subscriber 110 isconfigured to facilitate flexibly modifying the set definition 122 thatdescribes the information 160 to be collected and/or the providerdefinition 124 that specifies the identity of the information provider150. In accordance with another exemplary embodiment of the presentinvention, the information acquisition engine 140 may additionally beconfigured for acquiring information 165 by communicating with aninternal database through a permanent, semi-permanent, or evenintermittent communication link. The acquired information 165 is to becombined with external information 162 also acquired by the informationacquisition engine 140 by communicating with an external database. Inaccordance with yet another exemplary embodiment of the presentinvention, the information suite 176 may be configured to facilitateprocessing by the recipient 180 in order to determine the riskassociated with a transaction 190, which may be communicated to thesubscriber 110.

In an exemplary embodiment, a subscriber configured data suite 176comprises external information 162 defined by a request 120 thatincludes the identity of the external information provider 152 as wellas a name and a subscriber number. The subscriber number may beconfigured so that its possession by the subscriber implies permissionto access the information 162 on the selected database 152. Thesubscriber number may also be configured to provide an identifier forbilling purposes. In another exemplary embodiment, the request 120 mayinclude a request identifier, a subscriber identifier, a request timestamp and a request type code, a process control number and/or any otherinformation helpful in effectively communicating a request 120 to thesystem 100.

Exemplary external information providers 152 may include merchantpartners; travel-related service providers such as hotels, rental caragencies, airlines and travel agencies; loan servicing organizationssuch as the National Student Loan Clearinghouse; credit bureaus such asExperian and Equifax; fraud databases such as the Experian NationalFraud Database;

authentication and verification sources such as the Experianauthentication tool; business information databases such as Dunn &Bradstreet; public records from government sites; or other sources suchas Lexis/Nexis. Additional external information providers 152 mayinclude a global risk assessment system that is configured to trackcardmembers or applicants for cards and to gauge the creditworthiness ofthose cardmembers or applicants. It should be noted that a global riskassessment system may be configured to communicate with the datahandling system 100 to facilitate “closed loop” underwriting forcustomers, and also to facilitate cross-selling of pre-determinedeligible products to those customers. This cross-selling may be furtherenabled by cooperating utilities or by pre-approved solicitation filesthat may be configured to provide access to some or all open and activeoffers for an issuer of credit and to optionally use the data handlingsystem to provide insight on a prospect's credit trends. For example, apartner data file may be configured to provide loyalty data that mayhelp to predict consumer spending, credit quality, and the like and mayalso be configured to facilitate an additional process or mechanism tofacilitate address verification. Further, data sources such astraditional credit bureaus may be used to leverage existing corporaterelationships to provide improved verification and distinctioninformation, to proactively identify consumer request profile systemrelationships, and to provide a basis for re-engineering initiatives inthe future. The data sources may also include a third party dataprovider who may be a delegate of a specific merchant partner,designated to provide partner data to the information handling system100. Other sources might be financial institutions.

The information to be acquired 160 may include data for computing acredit applicant's creditworthiness as well as other data such as datafrom a national fraud database. The national fraud database may providea service such as address scrubbing or address matching. Also, sourcesmay provide non-credit data as well as credit data. Additionalinformation 160 may include demographic information, spending habits,payment history, reliability or the like. Demographic information mayinclude address and social security number. In addition, information maybe provided such as relationship data. For example, where a specificmerchant has an established relationship with a particular individual,the relationship may be described through acquired data such asfrequency of use of the service, e.g., frequent flier history. Otherpieces of information may include payment history, number of accountsopen to other creditors, debt-to-credit ratio, whether they pay theirbills on time, whether they are, or the extent to which they are,overextended in their credit, whether they are living at their currentaddress or whether and to what extent they move frequently, and theirspending histories. Finally, the data may include accumulated loyaltypoints and status, demographic information, pre-approved solicitations,student loan information, behavioral data, debit data, fraud data, andother data useful to identify fraudulent names and to decrease erroneousapproval of fraud accounts, telephone number, company name, streetaddress, city, state, zip, extended zip, which may improve verification,business and income information, property appraisal information, longand short-term probabilities, eligibility indicators, current balanceand credit line, Fico score or other known or standardized credit score,number of trades, major derogatory count, product eligibility, partnerstatus, tenure, miles accumulated, miles redeemed, and demographicinformation, estimated household income, best delivery address, previousaddress, consumer request profile system identifier, or membershipenrollment. In general, the data may comprise any data that could beused to assess creditworthiness, to protect against fraud, to enableemployment decisions, to make credit decisions, or to determine whetherto rent, or under what terms to rent, a specific property to aparticular party. Regardless of which data source 150 is chosen,however, the utility 100 is configured to rapidly introduce orfacilitate use of the new data 160. For example, when the system isconfigured to acquire data from a new data source, e.g., a newcommunication link is established, the system facilitates establishmentof the new data link in approximately four to six weeks, after whichsubscribers 110 may reliably access the data very quickly.Conventionally, the time requirement may be as long as eight months.

The system 100 may include one or more host server or other computingsystem including a processor for processing digital information, amemory coupled to the processor for storing digital information, aninput digitizer coupled to the processor for inputting digitalinformation, an application program stored in the memory and accessibleby the processor for directing processing of digital information by theprocessor, a display coupled to the processor and memory for displayinginformation derived from digital information processed by the processorand a plurality of databases, the databases including clientinformation, merchant information, financial institution informationand/or like information that could be used in association with thepresent invention. As those skilled in the art will appreciate, eachcomputing system will typically include an operating system (e.g.,Windows NT, 95/98/2000, Linux, Solaris, etc.) as well as variousconventional support software and drivers typically associated withcomputers. Computing systems can be in a home or business environmentwith access to a network. In an exemplary embodiment, access is throughthe Internet through a commercially-available web-browser softwarepackage. It should be noted that the components of system 100 may beimplemented as discrete modules or may be distributed within or acrossthe other components of the system 100 such that the functions of eachof the components are distributed among, i.e., implemented within, theelements of the system 100.

Communication between the subscriber 1 10, the information recipient180, the providers 150 and the system 100 may be accomplished throughany suitable communication means, such as, for example, a telephonenetwork, Intranet, Internet, point of interaction device (point of saledevice, personal digital assistant, cellular phone, kiosk, etc.), onlinecommunications, off-line communications, wireless communications, and/orthe like. One skilled in the art will also appreciate that, for securityreasons, any databases, systems, or components of the present inventionmay consist of any combination of databases or components at a singlelocation or at multiple locations, wherein each database or systemincludes any of various suitable security features, such as firewalls,access codes, encryption, de-encryption, compression, decompression,and/or the like.

The computers may provide a suitable website or other Internet-basedgraphical user interface which is accessible by users. In oneembodiment, the Internet Information Server, Microsoft TransactionServer, and Microsoft SQL Server, are used in conjunction with theMicrosoft operating system, Microsoft NT web server software, aMicrosoft SQL database system, and a Microsoft Commerce Server.Additionally, components such as Access Sequel Server, Oracle, MySQL,Intervase, etc., may be used to provide an ADO-compliant databasemanagement system. The term “webpage” as it is used herein is not meantto limit the type of documents and applications that might be used tointeract with the user. For example, a typical website might include, inaddition to standard HTML documents, various forms, Java applets,Javascript, active server pages (ASP), common gateway interface scripts(CGI), extensible markup language (XML), dynamic HTML, cascading stylesheets (CSS), helper applications, plug-ins, and the like.

The computing units may be connected with each other via an informationcommunication network. The network may be a public network and assumedto be insecure and open to eavesdroppers. In an exemplaryimplementation, the network may be the internet. In this context, thecomputers may or may not be connected to the internet at all times. Forinstance, a computer of the subscriber 110 may employ a modem tooccasionally connect to the internet, whereas the administrator 130computing center might maintain a permanent connection to the internet.Specific information related to the protocols, standards, andapplication software utilized in connection with the Internet may not bediscussed herein. For further information regarding such details, see,for example, DILIP NAIK, INTERNET STANDARDS AND PROTOCOLS (1998); JAVA 2COMPLETE, various authors, (Sybex 1999); DEBORAH RAY AND ERIC RAY,MASTERING HTML 4.0 (1997). LOSHIN, TCP/IP CLEARLY EXPLAINED (1997).

The system 100 may be suitably coupled to network via information links.A variety of conventional communications media and protocols may be usedfor information links such as, for example, a connection to an InternetService Provider (ISP) over the local loop as is typically used inconnection with standard modem communication, cable modem, Dishnetworks, ISDN, Digital Subscriber Line (DSL), or various wirelesscommunication methods. The system 100 might also reside within a localarea network (LAN) which interfaces to network via a leased line (T1,D3, etc.). Such communication methods are well known in the art, and arecovered in a variety of standard texts. See, e.g., GILBERT HELD,UNDERSTANDING INFORMATION COMMUNICATIONS (1996), hereby incorporated byreference.

In accordance with an exemplary embodiment, the recipient 180 may beconfigured to assess the risk associated with a transaction 190.Alternatively, the consuming application may be configured to performother useful processes such as preparing a marketing offer, preparing apresentation, making a marketing decision, analyzing a potentialcustomer or set of customers, transmitting specific information,organizing information, collecting and/or storing information.

It should be noted that the information 160 required to make acustomer-focused credit decision 190 may exceed the informationtraditionally presented on a credit application. External information162, however, such as credit bureau reports or strategic alliancepartner data may permit a more comprehensive assessment of thetransaction risk and/or creditworthiness of the applicant 190. With theemergence of e-commerce, numerous new providers 152 with trusted datamay improve the accuracy of the assessment of risk associated with atransaction, which may depend upon an applicant's creditworthiness andvalidity 190. The instant invention enables a subscriber to leveragethese new information sources so that they may be easily used within theconsumer and small business credit evaluation process.

In an exemplary embodiment, an administrator 130 is configured tofacilitate receiving and execute an information acquisition request 120.The means through which the request 120, or any other communication ormessages, are transmitted may comprise enterprise messaging middleware,such as MQ messaging from IBM, or may comprise any other softwaresuitable for sending messages. An exemplary message may comprise aninformation acquisition request 120, or a confirmation that theinformation was received. The system 100 may be configured to maintainthe security and/or confidentiality of transmitted information throughmeans such as encryption, application of appropriate legends, e.g.,proprietary legends, and use of secure transmission means. Similarly,when communicating with an external information provider 152 or aninternal information provider 155, the system 100 may use an enterprisemessaging middleware, such as MQ messaging, or any other softwaresuitable for sending messages.

In an exemplary embodiment, a plurality of remote protocols may beestablished to facilitate communication with a plurality of conformingdata providers. In accordance with this embodiment, a remote protocolmay be first established for a particular data provider, and thatprotocol may later be accessed to facilitate communication with anyother data provider conforming to the standard protocol. As newproviders arise, requiring the establishment of new protocols, and ascorresponding new protocols are developed and saved, so as to add to thelibrary of previously established protocols, the growing family ofprotocols may become available for use with other conforming dataproviders. In this way, time and resources that would otherwise berequired to establish cooperation with particular new data providers maybe reduced dramatically as previously configured remote protocols aremade available for re-use and/or adaptation. For example, in accordancewith one embodiment, a remote protocol may be configured for use with aspecific language such as Extensible Markup Language or MQ messagingfrom IBM so that a predetermined set of information may be acquired froma conforming data provider. Then, when a new data provider becomesavailable and adopts the Extensible Markup Language protocol of the MQmessaging protocol, a new link may be quickly established for that newprovider. Further, data elements may be defined and/or described throughtags (e.g., metatags) so that a simple manipulation of the tag willenable a consistent modification of the data element wherever it isaccessed. Accordingly, remote protocols are configured to accomplishmost common or repetitive information acquisition requests 120 such asretrieving account registrations, account types, and/or a product types.

In addition, a database 178 may be used to store and maintaininformation 160. Database 178, as well as other databases used inconjunction with the invention, may be any type of database, such asrelational, hierarchical, object-oriented, and/or the like. Database 178may be configured to be periodically purged to eliminate stale data andto reduce database size requirements. For example, data currency may bemaintained by periodic purging of the entire database every 30 or 60days or may be accomplished with respect to only specific data elementsonce those data elements become 30 or 60 days old. Other data purging ordata retention practices may be implemented to comply with governmentallaws, industry standards, and/or organizational policies. Commondatabase products that may be used to implement the databases includeDB2 by IBM (White Plains, N.Y.), any of the database products availablefrom Oracle Corporation (Redwood Shores, Calif.), Microsoft Access byMicrosoft Corporation (Redmond, Wash.), or any other database product.Database may be organized in any suitable manner, including asinformation tables or lookup tables. Association of certain informationmay be accomplished through any information association technique knownand practiced in the art. For example, the association may beaccomplished either manually or automatically. Automatic associationtechniques may include, for example, an database search, an databasemerge, GREP, AGREP, SQL, and/or the like. The association step may beaccomplished by a database merge function, for example, using a “keyfield” in each of the manufacturer and retailer information tables. A“key field” partitions the database according to the high-level class ofobjects defined by the key field. For example, a certain class may bedesignated as a key field in both the first information table and thesecond information table, and the two information tables may then bemerged on the basis of the class information in the key field. In thisembodiment, the information corresponding to the key field in each ofthe merged information tables is preferably the same. However,information tables having similar, though not identical, information inthe key fields may also be merged by using AGREP, for example.

With reference to FIG. 2, in accordance with a further aspect of thepresent invention, a method of handling information (method 200) isinitiated when an administrator 130 receives an information acquisitionrequest 120 from a subscriber 110 to acquire one or more prescribed setsof information 160 from one or more selected providers 150, i.e.,internal and/or external sources, of information 160 (step 210). Inresponse to the information acquisition request 120, the administrator130 implements the provider definition 124, which defines the identityof the information provider 150, and the set definition 122, whichdefines the requested information 160, into a conforming set ofinstructions for the information acquisition engine 140 (step 220).

The administrator 130 then communicates the conforming instructions toan information acquisition engine 140 (step 230). In accordance withthose instructions, the information acquisition engine 140 retrieves therequested information 160 from the selected provider 150 (step 240) bycommunicating across an established communication link using an agreedupon communication protocol. It should be noted that the selectedprovider may accumulate information as a byproduct of its business,e.g., a merchant's collecting data regarding a specific loyal consumer,or may be in the business of collecting data, e.g., a credit bureau inregular communication with a network of credit issuers. Upon receipt ofthe requested data, the acquisition engine 140 then communicates theinformation 160 to an information assimilator 170 (step 250). Theinformation assimilator 170 receives the information from theinformation acquisition engine 140 (step 260), combines the informationinto an information suite 176 (step 270), and stores the informationsuite 176 in a database 178 (step 280). It should be noted that in anexemplary embodiment, an information suite 176 is a composite of dataelements having their origin in a plurality of data sources. Each of thedata elements bears a structure comprising a plurality of data fields,and each of the fields serves to describe an attribute of the dataelement. For example, a first data field may be configured to describe avalue, another data field may be configured to describe the format ofthe first data element (e.g., numeric or alpha-numeric), another datafield may be configured to describe the original source of the dataelement, and additional data fields may be configured to describeadditional attributes of the data element such as its acquisition date,its units, its description, and the like. Finally, the administrator 130informs the subscriber 110 whether and when the requested information160 has been collected and where and how it may be accessed (step 290).In an exemplary embodiment, this may be accomplished by defining a tagor other unique identifier that is configured to enable the subscriber110, through a known and established communication link, and using aknown protocol, to view and use the acquired information. Optionally,the information suite 176 is transmitted by the system 100 directly to adesignated information recipient 180 (step 291).

In accordance with an exemplary embodiment of the present invention, theset definition 122, which defines the information 160 to be collectedand/or the identity of the information provider 150, are stored in astandard request module 120 for repetitive use (step 292). It should benoted that set definition 122 may define the information to be acquiredand the source of the information 160 through any format or notation orother means known in the art so long as the information acquisitioninformation engine is able to interpret the set definition 122 touniquely identify the information and the provider. For example, aprovider may be identified by a unique number or set of alpha-numericcharacters, and a set of information may be defined by a single set ofcharacters forming one data element or by a plurality of charactersserving to uniquely identify the information set. A request module 120may be modified by a subscriber 110 as information requirements orproviders change (step 293). In accordance with another exemplaryembodiment of the present invention, the information acquisition engine140 may additionally acquire internal information 165 from an internaldatabase 155 to be combined with the external information 162 acquiredby the information acquisition engine 140 (step 294). In accordance withyet another exemplary embodiment of the present invention, theinformation suite 176 may be processed by the recipient 180 in order todetermine the risk associated with a transaction 190 (step 295), whichrisk assessment may be communicated to the subscriber 110.

Accordingly, the invention provides an improved system and method forfacilitating the collection, storage and distribution of information,where the provider definition 124 may be easily configured by asubscriber 110. Moreover, the invention provides a system and method forfacilitating the collection, storage and distribution of information,where the set definition 122 may be easily configured by a subscriber110. It should be noted that the system of the instant invention may beconfigured to facilitate collection of many useful sets of informationor to make many varied and useful determinations. Thus, it should not beconstrued as being limited to use in determining the transaction risk,which may depend upon the creditworthiness of a potential creditor. Forexample, a credit issuer may employ the present invention to assess anoverall composite risk associated with a particular transaction orseries of transactions where the overall risk comprises riskcontributions from many sources. For example, a composite risk mayinvolve a risk of creditor fraud, a risk of creditor default, a risk ofmerchant fraud, a risk of insured loss, a risk of slow payment, a riskof economic uncertainty, a risk associated with a consumer, theconsumer's creditworthiness, the risk of error, and other related andrelevant contributory risks. An exemplary system may be configured tofacilitate an assessment of individual risk elements and to combine theindividual risk elements into a composite risk assessment using anyknown method such as the root sum squared method or probabilisticmethods such as Monte Carlo methods.

The present invention may be described herein in terms of functionalblock components, screen shots, optional selections and variousprocessing steps. It should be appreciated that such functional blocksmay be realized by any number of hardware and/or software componentsconfigured to perform the specified functions. For example, the presentinvention may employ various integrated circuit components, e.g., memoryelements, processing elements, logic elements, look-up tables, and thelike, which may carry out a variety of functions under the control ofone or more microprocessors or other control devices. Similarly, thesoftware elements of the present invention may be implemented with anyprogramming or scripting language such as C, C++, Java, COBOL,assembler, PERL, extensible markup language (XML), with the variousalgorithms being implemented with any combination of informationstructures, objects, processes, routines or other programming elements.Further, it should be noted that the present invention may employ anynumber of conventional techniques for information transmission,signaling, information processing, network control, and the like. Stillfurther, the invention could be used to detect or prevent securityissues with a client-side scripting language, such as JavaScript,VBScript or the like. For a basic introduction of cryptography andnetwork security, the following may be helpful references: (1) “AppliedCryptography: Protocols, Algorithms, And Source Code In C,” by BruceSchneier, published by John Wiley & Sons (second edition, 1996); (2)“Java Cryptography” by Jonathan Knudson, published by O'Reilly &Associates (1998); (3) “Cryptography & Network Security: Principles &Practice” by William Stalling, published by Prentice Hall; all of whichare hereby incorporated by reference for background purposes.

It will be appreciated, that many applications of the present inventioncould be formulated. One skilled in the art will appreciate that thenetwork may include any system for exchanging information or transactingbusiness, such as the Internet, an intranet, an extranet, WAN, LAN,satellite communications, and/or the like. It is noted that the networkmay be implemented as other types of networks, such as an interactivetelevision (ITV) network. The users may interact with the system via anyinput device such as a keyboard, mouse, kiosk, personal digitalassistant, handheld computer (e.g., Palm Pilot®), cellular phone and/orthe like. Similarly, the invention could be used in conjunction with anytype of personal computer, network computer, workstation, minicomputer,mainframe, or the like running any operating system such as any versionof Windows, Windows NT, Windows2000, Windows 98, Windows 95, MacOS,OS/2, BeOS, Linux, UNIX, Solaris or the like. Moreover, although theinvention is frequently described herein as being implemented withTCP/IP communications protocols, it will be readily understood that theinvention could also be implemented using IPX, Appletalk, IP-6, NetBIOS,OSI or any number of existing or future protocols. Moreover, the systemcontemplates the use, sale or distribution of any goods, services orinformation over any network having similar functionality describedherein.

It should be appreciated that the particular implementations shown anddescribed herein are illustrative of the invention and its best mode andare not intended to otherwise limit the scope of the present inventionin any way. Indeed, for the sake of brevity, conventional informationnetworking, application development and other functional aspects of thesystems (and components of the individual operating components of thesystems) may not be described in detail herein. Furthermore, theconnecting lines shown in the various figures contained herein areintended to represent exemplary functional relationships and/or physicalcouplings between the various elements. It should be noted that manyalternative or additional functional relationships or physicalconnections may be present in a practical electronic transaction system.

As will be appreciated by one of ordinary skill in the art, the presentinvention may be embodied as a method, an information processing system,a device for information processing, and/or a computer program product.Accordingly, the present invention may take the form of an entirelysoftware embodiment, an entirely hardware embodiment, or an embodimentcombining aspects of both software and hardware. Furthermore, thepresent invention may take the form of a computer program product on acomputer-readable storage medium having computer-readable program codemeans embodied in the storage medium. Any suitable computer-readablestorage medium may be utilized, including hard disks, CD-ROM, opticalstorage devices, magnetic storage devices, and/or the like.

The present invention is described herein with reference to screenshots, block diagrams and flowchart illustrations of methods, apparatus(e.g., systems), and computer program products according to variousaspects of the invention. It will be understood that each functionalblock of the block diagrams and the flowchart illustrations, andcombinations of functional blocks in the block diagrams and flowchartillustrations, respectively, can be implemented by computer programinstructions. These computer program instructions may be loaded onto ageneral purpose computer, special purpose computer, or otherprogrammable information processing apparatus to produce a machine, suchthat the instructions which execute on the computer or otherprogrammable information processing apparatus create means forimplementing the functions specified in the flowchart block or blocks.

These computer program instructions may also be stored in acomputer-readable memory that can direct a computer or otherprogrammable information processing apparatus to function in aparticular manner, such that the instructions stored in thecomputer-readable memory produce an article of manufacture includinginstruction means which implement the function specified in theflowchart block or blocks. The computer program instructions may also beloaded onto a computer or other programmable information processingapparatus to cause a series of operational steps to be performed on thecomputer or other programmable apparatus to produce acomputer-implemented process such that the instructions which execute onthe computer or other programmable apparatus provide steps forimplementing the functions specified in the flowchart block or blocks.

Accordingly, functional blocks of the block diagrams and flowchartillustrations support combinations of means for performing the specifiedfunctions, combinations of steps for performing the specified functions,and program instruction means for performing the specified functions. Itwill also be understood that each functional block of the block diagramsand flowchart illustrations, and combinations of functional blocks inthe block diagrams and flowchart illustrations, can be implemented byeither special purpose hardware-based computer systems which perform thespecified functions or steps, or suitable combinations of specialpurpose hardware and computer instructions.

In the foregoing specification, the invention has been described withreference to specific embodiments. It will be appreciated, however, thatvarious modifications and changes can be made without departing from thescope of the present invention. The specification and figures are to beregarded in an illustrative manner, rather than a restrictive one, andall such modifications are intended to be included within the scope ofpresent invention. For example, the steps recited in any of the methodor process claims may be executed in any order and are not limited tothe order presented.

Benefits, other advantages, and solutions to problems have beendescribed above with regard to specific embodiments. However, thebenefits, advantages, solutions to problems, and any element(s) that maycause any benefit, advantage, or solution to occur or become morepronounced are not to be construed as critical, required, or essentialfeatures or elements of any or all the claims. As used herein, the terms“comprises,” “comprising,” or any other variation thereof, are intendedto cover a non-exclusive inclusion, such that a process, method,article, or apparatus that comprises a list of elements does not includeonly those elements but may include other elements not expressly listedor inherent to such process, method, article, or apparatus. Further, noelement described herein is required for the practice of the inventionunless expressly described as “essential” or “critical.”

1. A system for facilitating an assessment of risk associated with atransaction comprising: a payment processor administrator configured tofacilitate receiving an information acquisition request; a paymentprocessor information assimilator configured to facilitate receivinginformation, wherein said information is compared to correspondingpayment processor internal information to verify accuracy of saidinformation, in response to said corresponding payment processorinternal information existing; said payment processor informationassimilator configured to combine said information into an informationsuite, wherein said information suite is configured to facilitateprocessing to determine said risk associated with said transaction; andwherein a mitigation action is initiated responsive to said risk.
 2. Thesystem of claim 1, wherein said information acquisition requestcomprises an encoded selection parameter and provider definition.
 3. Thesystem of claim 2, wherein said payment processor administrator isfurther configured to retrieve at least one of said selection parameterand said provider definition from payment processor parameterinformation, in response to said at least one of said selectionparameter and said provider definition not being included in saidinformation acquisition request, wherein said payment processorparameter information is derived from a payment processor.
 4. The systemof claim 1, wherein said information acquisition engine retrieves saidinformation from an information provider.
 5. The system of claim 4,wherein said information provider is an external provider.
 6. The systemof claim 4, wherein said information provider is an internal provider.7. The system of claim 1, wherein said payment processor informationassimilator is further configured to facilitate receiving saidinformation from an information acquisition engine.
 8. The system ofclaim 1, wherein said payment processor administrator is furtherconfigured to facilitate informing a subscriber about said collection ofsaid information.
 9. The system of claim 1, wherein said paymentprocessor administrator is configured to facilitate instructing asubscriber regarding access to said information.
 10. The system of claim1, wherein said payment processor information assimilator is configuredto facilitate transmitting said information suite to a designatedinformation recipient.
 11. The system of claim 1, wherein said paymentprocessor administrator is configured to request said payment processorinformation assimilator to transmit said information suite to adesignated information recipient.
 12. An improved method forfacilitating an assessment of risk associated with a transactioncomprising: receiving, at an information processing machine, aninformation acquisition request, wherein said information processingmachine comprises a processor, a memory, and data store; retrievinginformation, by said information processing machine and from saidinformation provider, based on said information acquisition request;comparing, by said information processing machine, said information tocorresponding internal information to verify accuracy of saidinformation in response to said corresponding internal informationexisting; integrating said information, by said information processingmachine, to form an information suite; assessing, by said informationprocessing machine, risk associated with said transaction using saidinformation suite; and initiating a mitigation action responsive to saidrisk.
 13. The system of claim 12, wherein said information acquisitionrequest comprises a selection parameter and a provider definition. 14.The system of claim 12, further comprising retrieving, by saidinformation processing machine, at least one of a selection parameterand an information provider definition from payment processor internalparameter information, in response to said at least one of saidselection parameter and said information provider definition not beingincluded in said information acquisition request, wherein said paymentprocessor internal parameter information is derived from a paymentprocessor.
 15. The system of claim 12, further comprising retrievingsaid information from an information provider.
 16. The system of claim12, further comprising retrieving said information from an informationacquisition engine.
 17. The method of claim 12, further comprisingcommunicating, by said information processing machine, said riskassociated with said transaction to a subscriber.
 18. The method ofclaim 12, further comprising communicating, by said informationprocessing machine, said information suite to a designated informationrecipient.
 19. The method of claim 12, further comprising instructing asubscriber regarding access to said information.
 20. A tangible computerreadable medium having stored thereon, computer executable instructionsthat, if executed by a computing device, cause said computing device toperform a method for facilitating an assessment of risk associated witha transaction comprising: receiving, at an information processingmachine, an information acquisition request, wherein said informationprocessing machine comprises a processor, a memory, and data store;retrieving information, by said information processing machine and fromsaid information provider, based on said information acquisitionrequest; comparing, by said information processing machine, saidinformation to corresponding internal information to verify accuracy ofsaid information in response to said corresponding internal informationexisting; integrating said information, by said information processingmachine, to form an information suite; assessing, by said informationprocessing machine, risk associated with said transaction using saidinformation suite; and initiating a mitigation action responsive to saidrisk.